| 1.1.5.1.5 Set 'Windows Firewall: Domain: Apply local connection security rules' to 'Yes (default)' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.5.1.8 Set 'Windows Firewall: Domain: Logging: Log dropped packets' to 'Yes' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.5.1.9 Set 'Windows Firewall: Domain: Logging: Log successful connections' to 'Yes' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.5.3.3 Set 'Windows Firewall: Public: Apply local connection security rules' to 'No' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Ensure source routed packets are not accepted - 'net.ipv4.conf.all.accept_source_route' (sysctl.conf/sysctl.d) | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Ensure source routed packets are not accepted - 'net.ipv4.conf.default.accept_source_route' (sysctl.conf/sysctl.d) | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Ensure source routed packets are not accepted - 'sysctl net.ipv4.conf.all.accept_source_route' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.2 Ensure ICMP redirects are not accepted - 'sysctl net.ipv4.conf.all.accept_redirects' | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.2 Ensure ICMP redirects are not accepted - 'sysctl net.ipv4.conf.default.accept_redirects' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.3 Ensure secure ICMP redirects are not accepted - 'sysctl net.ipv4.conf.default.secure_redirects' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.5 Ensure broadcast ICMP requests are ignored (sysctl exec) | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.7 Ensure Reverse Path Filtering is enabled - 'net.ipv4.conf.all.rp_filter' (sysctl.conf/sysctl.d) | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1 Ensure IPv6 router advertisements are not accepted - 'sysctl net.ipv6.conf.all.accept_ra' | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2 Ensure IPv6 redirects are not accepted - 'net.ipv6.conf.all.accept_redirects' (sysctl.conf/sysctl.d) | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2 Ensure IPv6 redirects are not accepted - 'sysctl net.ipv6.conf.default.accept_redirects' | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1 Ensure TCP Wrappers is installed | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.2 Ensure /etc/hosts.allow is configured | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3 Ensure /etc/hosts.deny is configured | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.1 Ensure loopback traffic is configured | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Workstation | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.4 Ensure default deny firewall policy | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.1 Ensure IPv6 loopback traffic is configured | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.1 Ensure IPv6 loopback traffic is configured | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Workstation | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.4 Ensure IPv6 default deny firewall policy | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Workstation | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1 Ensure iptables is installed | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2 Ensure default deny firewall policy - 'Chain INPUT' | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2 Ensure default deny firewall policy - 'Chain INPUT' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3 Ensure loopback traffic is configured - output | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3 Ensure loopback traffic is configured - output | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.5 Ensure firewall rules exist for all open ports | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.5 Ensure firewall rules exist for all open ports | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4.1 Prefer using secrets as files over secrets as environment variables | CIS Google Kubernetes Engine (GKE) v1.7.0 L2 | GCP | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4.1 Prefer using secrets as files over secrets as environment variables | CIS Kubernetes v1.11.1 L2 Master Node | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure the 'addressIncludeList' attribute is set to a whitelist of IP addresses | CIS IBM WebSphere Liberty v1.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.6 Enable strict servlet Compliance | CIS Apache Tomcat 10.1 v1.1.0 L2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Inbound Connections - Domain Profile | MSCT Windows Server v1909 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Inbound Connections - Domain Profile | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Inbound Connections - Domain Profile | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Inbound Connections - Private Profile | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Inbound Connections - Private Profile | MSCT Windows Server v1909 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Inbound Connections - Public Profile | MSCT Windows Server 1903 DC v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Inbound Connections - Public Profile | MSCT Windows Server v1909 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Inbound Connections - Public Profile | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Outbound Connections - Domain Profile | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Outbound Connections - Private Profile | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Outbound Connections - Private Profile | MSCT Windows 10 v20H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Outbound Connections - Public Profile | MSCT Windows 10 v20H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Outbound Connections - Public Profile | MSCT Windows 10 v21H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Outbound Connections - Public Profile | MSCT Windows Server v1909 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
